regen master

2025-09-01 15:05:23 +00:00 · 2015-11-18 01:04:11 +00:00
parent b57276f89e
commit dec590a3de
27 changed files with 72 additions and 49 deletions
--- a/2
+++ b/2
@@ -92,7 +92,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
   rejecting the TSIG. Why?
 A: This may be a clock skew problem. Check that the the clocks on the
-   client and server are properly synchronised (e.g., using ntp).
+   client and server are properly synchronized (e.g., using ntp).
 Q: I see a log message like the following. Why?
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -207,7 +207,7 @@ Enable memory usage debugging\&.
 .PP
 \-p \fIport\fR
 .RS 4
-Send the query to a non\-standard port on the server, instead of the defaut port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
+Send the query to a non\-standard port on the server, instead of the default port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
 .RE
 .PP
 \-q \fIname\fR
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -191,7 +191,7 @@
 <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
 <dd><p>
 	    Send the query to a non-standard port on the server,
-	    instead of the defaut port 53. This option would be used
+	    instead of the default port 53. This option would be used
 	    to test a name server that has been configured to listen
 	    for queries on a non-standard port number.
 	  </p></dd>
--- a/bin/dnssec/dnssec-importkey.8
+++ b/bin/dnssec/dnssec-importkey.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&.
+dnssec-importkey \- import DNSKEY records from external systems so they can be managed
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-importkey\fR\ 'u
 \fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
--- a/bin/dnssec/dnssec-importkey.html
+++ b/bin/dnssec/dnssec-importkey.html
@@ -24,7 +24,7 @@
 <a name="man.dnssec-importkey"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
+<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/bin/dnssec/dnssec-revoke.8
+++ b/bin/dnssec/dnssec-revoke.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-revoke \- Set the REVOKED bit on a DNSSEC key
+dnssec-revoke \- set the REVOKED bit on a DNSSEC key
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-revoke\fR\ 'u
 \fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
--- a/bin/dnssec/dnssec-revoke.html
+++ b/bin/dnssec/dnssec-revoke.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-revoke"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
+<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/bin/dnssec/dnssec-settime.8
+++ b/bin/dnssec/dnssec-settime.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-settime \- Set the key timing metadata for a DNSSEC key
+dnssec-settime \- set the key timing metadata for a DNSSEC key
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-settime\fR\ 'u
 \fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-settime"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
+<p><span class="application">dnssec-settime</span> &#8212; set the key timing metadata for a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/bin/python/dnssec-checkds.8
+++ b/bin/python/dnssec-checkds.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-checkds \- A DNSSEC delegation consistency checking tool\&.
+dnssec-checkds \- DNSSEC delegation consistency checking tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-checkds\fR\ 'u
 \fBdnssec\-checkds\fR [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] {zone}
--- a/bin/python/dnssec-checkds.html
+++ b/bin/python/dnssec-checkds.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-checkds"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-checkds</span> &#8212; A DNSSEC delegation consistency checking tool.</p>
+<p><span class="application">dnssec-checkds</span> &#8212; DNSSEC delegation consistency checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/bin/tools/named-rrchecker.1
+++ b/bin/tools/named-rrchecker.1
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-named-rrchecker \- A syntax checker for individual DNS resource records
+named-rrchecker \- syntax checker for individual DNS resource records
 .SH "SYNOPSIS"
 .HP \w'\fBnamed\-rrchecker\fR\ 'u
 \fBnamed\-rrchecker\fR [\fB\-h\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-u\fR] [\fB\-C\fR] [\fB\-T\fR] [\fB\-P\fR]
--- a/bin/tools/named-rrchecker.html
+++ b/bin/tools/named-rrchecker.html
@@ -24,7 +24,7 @@
 <a name="man.named-rrchecker"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-rrchecker</span> &#8212; A syntax checker for individual DNS resource records</p>
+<p><span class="application">named-rrchecker</span> &#8212; syntax checker for individual DNS resource records</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -134,12 +134,14 @@
      </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
 <p>
        As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
        by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
        it loads.  Specifying <span class="command"><strong>notify master-only;</strong></span> will
        cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
        zones that it loads.
-      </div>
+      </p>
 </div>
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
@@ -1064,9 +1066,11 @@ options {
 </pre>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
 <p>
          None of the keys listed in this example are valid.  In particular,
          the root key is not valid.
-        </div>
+        </p>
 </div>
 <p>
          When DNSSEC validation is enabled and properly configured,
          the resolver will reject any answers from signed, secure zones
@@ -1614,12 +1618,14 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
    </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
 <p>
      The latest OpenSSL versions as of this writing (January 2015)
      are 0.9.8zc, 1.0.0o, and 1.0.1j.
      ISC will provide updated patches as new versions of OpenSSL
      are released. The version number in the following examples
      is expected to change.
-    </div>
+    </p>
 </div>
 <p>
      Before building BIND 9 with PKCS#11 support, it will be
      necessary to build OpenSSL with the patch in place, and configure
@@ -1642,10 +1648,12 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
 </pre>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
-	Note that the patch file may not be compatible with the
+<p>
 	The patch file may not be compatible with the
 	"patch" utility on all operating systems. You may need to
 	install GNU patch.
-      </div>
+      </p>
 </div>
 <p>
 	When building OpenSSL, place it in a non-standard
 	location so that it does not interfere with OpenSSL libraries
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -475,7 +475,7 @@
                  followed by '%' to represent percents.
                </p>
                <p>
-                  The behaviour is exactly the same as
+                  The behavior is exactly the same as
                  <code class="varname">size_spec</code>, but
                  <code class="varname">size_or_percent</code> allows also
                  to specify a positive integer value followed by
@@ -3876,7 +3876,6 @@ options {
                  queries.
                  Caching may still occur as an effect the server's internal
                  operation, such as NOTIFY address lookups.
                  See also <span class="command"><strong>fetch-glue</strong></span> above.
                </p></dd>
 <dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
 <dd><p>
@@ -5242,13 +5241,15 @@ avoid-v6-udp-ports {};
                </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
 <p>
                  If you do not wish the alternate transfer source
                  to be used, you should set
                  <span class="command"><strong>use-alt-transfer-source</strong></span>
                  appropriately and you should not depend upon
                  getting an answer back to the first refresh
                  query.
-                </div>
+                </p>
 </div>
 </dd>
 <dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
 <dd><p>
@@ -6334,7 +6335,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                  may be sent while servicing a recursive query.
                  If more queries are sent, the recursive query
                  is terminated and returns SERVFAIL. Queries to
-                  look up top level comains such as "com" and "net"
+                  look up top level domains such as "com" and "net"
                  and the DNS root zone are exempt from this limitation.
                  The default is 75.
                </p></dd>
@@ -6613,11 +6614,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
          </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
 <p>
            The real parent servers for these zones should disable all
            empty zone under the parent zone they serve.  For the real
            root servers, this is all built-in empty zones.  This will
            enable them to return referrals to deeper in the tree.
-          </div>
+          </p>
 </div>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
 <dd><p>
@@ -7055,7 +7058,7 @@ deny-answer-aliases { "example.net"; };
 <p>
                    A special form of local data is a CNAME whose target is a
                    wildcard such as *.example.com.
-                    It is used as if were an ordinary CNAME after the astrisk (*)
+                    It is used as if were an ordinary CNAME after the asterisk (*)
                    has been replaced with the query name.
                    The purpose for this special form is query logging in the
                    walled garden's authority DNS server.
@@ -9198,7 +9201,7 @@ example.com. NS ns2.example.net.
                    unsigned zone is transferred in or loaded from
                    disk and a signed version of the zone is served,
                    with possibly, a different serial number.  This
-                    behaviour is disabled by default.
+                    behavior is disabled by default.
                  </p></dd>
 <dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
 <dd><p>
@@ -9413,7 +9416,7 @@ example.com. NS ns2.example.net.
                        The <em class="replaceable"><code>name</code></em> field
                        is subject to DNS wildcard expansion, and
                        this rule matches when the name being updated
-                        name is a valid expansion of the wildcard.
+                        is a valid expansion of the wildcard.
                      </p>
                    </td>
 </tr>
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -312,10 +312,12 @@ allow-query { !{ !10/8; any; }; key example; };
          </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
-            Note that if the <span class="command"><strong>named</strong></span> daemon is running as an
+<p>
            If the <span class="command"><strong>named</strong></span> daemon is running as an
            unprivileged user, it will not be able to bind to new restricted
            ports if the server is reloaded.
-          </div>
+          </p>
 </div>
 </div>
 </div>
 <div class="section">
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,7 +88,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -504,6 +504,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem"><p>
 	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
 	</p></li>
 <li class="listitem"><p>
 	  ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
 	  not correctly matched unless the full organization name was
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -432,9 +432,13 @@ $ <strong class="userinput"><code>make</code></strong>
  </p></dd>
 </dl></div>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
-<h3 class="title">Note</h3>In practice, either -a or -r must be specified.  Others can
+<h3 class="title">Note</h3>
-   be optional; the underlying library routine tries to identify the
+<p>
-   appropriate server and the zone name for the update.</div>
+	In practice, either -a or -r must be specified.  Others can
 	be optional; the underlying library routine tries to identify the
 	appropriate server and the zone name for the update.
   </p>
 </div>
 <p>
   Examples: assuming the primary authoritative server of the
   dynamic.example.com zone has an IPv6 address 2001:db8::1234,
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -57,7 +57,7 @@
 <span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
+<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
@@ -66,7 +66,7 @@
 <span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
@@ -75,10 +75,10 @@
 <span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
@@ -105,7 +105,7 @@
 <span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
+<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -292,7 +292,7 @@
 <span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
+<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
@@ -301,7 +301,7 @@
 <span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
@@ -310,10 +310,10 @@
 <span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
@@ -340,7 +340,7 @@
 <span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
+<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -209,7 +209,7 @@
 <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
 <dd><p>
 	    Send the query to a non-standard port on the server,
-	    instead of the defaut port 53. This option would be used
+	    instead of the default port 53. This option would be used
 	    to test a name server that has been configured to listen
 	    for queries on a non-standard port number.
 	  </p></dd>
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-checkds"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-checkds</span> &#8212; A DNSSEC delegation consistency checking tool.</p>
+<p><span class="application">dnssec-checkds</span> &#8212; DNSSEC delegation consistency checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-importkey"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
+<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-revoke"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
+<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-settime"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
+<p><span class="application">dnssec-settime</span> &#8212; set the key timing metadata for a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -42,7 +42,7 @@
 <a name="man.named-rrchecker"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-rrchecker</span> &#8212; A syntax checker for individual DNS resource records</p>
+<p><span class="application">named-rrchecker</span> &#8212; syntax checker for individual DNS resource records</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -49,7 +49,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -465,6 +465,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem"><p>
 	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
 	</p></li>
 <li class="listitem"><p>
 	  ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
 	  not correctly matched unless the full organization name was